The password reset email is one of the most commonly received emails today. Building a software application without incorporating an email notification for forgotten passwords is virtually impossible.
source: statista
However, the very prevalence of password reset emails makes their design and content challenging. These emails are so commonplace that they’re often overlooked. But subtle nuances can significantly impact their effectiveness, making them either user-friendly and convenient or confusing and frustrating.
The process of restoring an account necessitates a delicate balancing act between ensuring password security and maintaining usability.
Similar to how one wouldn’t leave a spare key under the doormat, a password reset email shouldn’t be an easy gateway for unauthorized individuals to hijack an account. On the other hand, a password reset email is a valuable opportunity for positive customer interaction.
Below, we list the best practices for sending password reset emails and share some excellent deliverability tips to help you reach your customers.
A password reset email is a type of transactional email that is automatically triggered when a user clicks on a “Forgot password?” link. It’s a vital component of the account recovery process, which allows users to reset their passwords and regain access to their accounts.
This email typically includes essential information, such as instructions on how to reset the password and a link to the service’s reset password web page. The link provided in the email leads the user to a secure web page where they can enter a new password for their account.
Password reset emails are crucial to account security, as they provide a way for users to verify their identity and ensure that only they can reset their passwords. It helps prevent unauthorized access to their account by would-be attackers.
CyberLabs #2 – Password security, the reason why you should create strong passwords
As such, password reset emails must be designed with security and usability in mind. They should use clear and concise language to guide the user through the process of resetting their password and provide a secure and easy-to-use mechanism for updating their account details.
This is how the password reset email sent by EmailLabs looks like.
By providing users with a clear and effective password reset email, service providers can ensure that their users can easily reset their passwords, enhance the overall user experience, and maintain the security of their accounts.
Here are the best practices to follow while creating password reset emails.
Maximize your email deliverability and security with EmailLabs!
When customers ask for a password reset, they require access to their accounts as quickly as possible. It means the speed at which they receive the password reset email can significantly impact their experience.
To ensure that the password reset email arrives immediately, optimizing your email deliverability is crucial. It involves using a trusted email service provider designed to deliver emails at peak performance. You should send emails from a domain with a good reputation and complete DKIM, SPF (and ideally also with DMARC) records for email authentication.
To achieve this, it’s important to work with a reliable email service provider that has the expertise and infrastructure to deliver emails quickly and reliably — like us, EmailLabs. Doing so can help to ensure that the password reset email arrives in the recipient’s inbox as soon as possible, reducing the chance of delays that could impact their experience.
Ideally, the email should land in the recipient’s inbox right after they make a request — like in the example below.
Ideally, the email should arrive in the recipient’s inbox as soon as the recipient makes the request – as in the example above.
Ensuring that your password reset emails are delivered to your customers’ inboxes is crucial for providing a seamless and hassle-free password reset process.
By prioritizing email deliverability and working with a reputable email service provider, you can ensure your users receive the password reset email as quickly and efficiently as possible.
Equally important when it comes to categorizing messages – it is worth betting on a server dedicated to transactional traffic. Sending emails from a shared IP may end up with the email going to the “Promotions” tab.
The “Offers” or “Promotions” tab is a folder in your customers’ main inbox – however – it is not a folder that opens by default right after logging in. Therefore, there is a risk that your subscribers will not see a message that goes to the “Offers” folder or will read it late.
As mentioned before, when it comes to a password reset request, people expect the process to be quick and straightforward. As such, the password reset email should be concise and get straight to the point.
Users generally don’t want to spend more time than necessary on account recovery. A long, complex email can be seen as a roadblock that prevents them from completing the task.
Instead, password reset emails should be kept short and easy to read, providing only the essential information that users need to reset their passwords and regain access to their accounts.
The email should be written in clear and simple language that is easy to understand. It should also include explicit instructions on how to reset the password, along with a link to the password reset web page.
The following example perfectly demonstrates this concept. It includes a brief explanation and a clear “Reset your password” button.
The link to reset the password is the most important part of the password reset email. Because of that, it’s essential to ensure that the link is clearly visible and easy to click, as this will make it as simple as possible for the user to access the password reset page.
To make the process as smooth as possible, it’s best to use the HREF attribute of a link rather than embedding the password reset link directly in the email. This is because the URL for the password reset page is often quite long and complex, and embedding it directly in the email can make it difficult to click or copy and paste. It may also cause some email programs to consider the message as phishing.
CyberLabs #1 – Phishing being one of the most popular cyber threats
Using the HREF attribute of a link, you can make the password reset link more prominent and visible, making it easier for users to find and click. It can help ensure that the password reset process is as smooth and straightforward as possible, minimizing any frustration or confusion that users might experience.
How to use the HREF attribute correctly.
When resetting a password, you must ensure that the email you send is secure and legitimate. If the email comes from an unfamiliar sender name or address, it’s natural for recipients to assume that it might be spam or a phishing attempt.
To build trust and reassure recipients, it’s vital to identify your company in the sender’s name and address. Additionally, including your logo at the top of the email can help reinforce your brand identity and provide a visual cue that the email is from a legitimate source.
For example, in the password reset email from Evernote, the sender’s name is clearly identified as Evernote, and the email address is [email protected].com
The email also prominently features the Evernote logo at the top. All these elements make it clear that the email is from Evernote and helps reassure the recipient that it is safe to open the email and click on the password reset link.
Remember – you build customer’s trust by showing your brand. Posting a logo or using colors attributed to your brand can significantly affect this.
Including marketing material in transactional emails can confuse Inbox Service Providers (ISPs) and cause them to flag the email as a marketing email. This situation increases the likelihood that the email will end up in the recipient’s spam folder rather than their inbox.
Consequently, it’s crucial to keep transactional emails focused solely on their intended purpose and avoid including any marketing messages or material.
Patreon password reset email sets a good example by being concise and easily readable.
Patreon opted for short content and a prominent orange button.
When resetting a password, there’s nothing more frustrating than encountering obstacles or distractions along the way. That’s why it’s essential to provide users with password resets email that is clear, straightforward, and easy to use.
The best password reset emails typically feature a single, prominent call-to-action (CTA) button or link that leads the user directly to the reset password page. It ensures that users can complete the process without being distracted by other options or confusing messages.
Whether the user is in a rush or simply looking for a hassle-free experience, a clear and straightforward password reset email can make all the difference. By providing a simple and easy-to-use CTA, you can help users get back to their accounts quickly and efficiently.
In some cases, including a copyable reset password URL in addition to the CTA button or link may be helpful. Doing so can be especially useful if the user cannot click through to the browser or encounter any other technical difficulties.
For example, you can follow in Etsy’s footsteps and add the link below the “Reset Your Password” button to give your customers an additional option to restore control of their accounts.
Etsy made sure to include not only a CTA button but also provided a direct link to the password change page.
Ultimately, the goal of a password reset email is to provide users with a positive and secure experience while ensuring that their account information is protected. By prioritizing simplicity and clarity, you can achieve this goal and build trust and loyalty with your users.
To ensure that password reset emails reach the widest possible audience, sending both an HTML and plain text version of the email is critical. Doing this can improve the delivery rate, as spam filters often view HTML-only emails as a potential red flag.
Providing both versions of the email ensures that users can access the content in a format that works best for them, whether they prefer to view the email in HTML or plain text. It can improve the overall user experience, as well as the security and accessibility of the email.
The password reset email from Airbnb provides an outstanding example of how to include both an HTML and plain text version of the email. By giving both versions, Airbnb ensures that users can access the email and reset link regardless of their email client or preferences and can reset their password quickly and easily.
HTML version
The HTML version includes colourful elements and varied fonts.
Plain text version
The plain text version ensures that the user will be able to read the message on any device without trouble.
It’s crucial to reassure your customers that they have control over their accounts. For that reason, your password reset email should make it clear that users can opt to do nothing if they did not request a password change and that they can always contact support if they have any questions or concerns.
One example of a company that does this well is Society6, a home decor site. Their password reset link email not only provides clear instructions on resetting the password but also includes a reassuring message that users can choose not to change their password if they did not initiate the request.
By including this message, Society6 is sending a signal of trust to its users. It shows that the company takes security and privacy seriously and is committed to providing a transparent and user-friendly experience.
In addition to this message, Society6 also encourages users to contact support if they have any questions or issues. This further reinforces the company’s commitment to providing excellent customer service and support and can help to build trust and loyalty with its users.
Society6 password reset message containing the “Contact Us” button.
Creating a password reset email that is user-friendly, secure, and effective is no small feat. To help ensure that your email hits all the right notes, we’ve put together a handy checklist of best practices to follow.
Maximize your email deliverability and security with EmailLabs!
Regarding password resets, there’s a fine line between ensuring security and providing a user-friendly experience.
On the one hand, you want to give users enough information to initiate a password reset. But on the other, you don’t want to make it too easy for hackers to gain access to sensitive information.
One effective way to maintain security is to never confirm or deny the existence of an account with a given email or username. Yet, it can create confusion and frustration for users who are unsure whether their account actually exists.
To address this challenge, a simple solution is to always send an email to the email address provided, regardless of whether the user exists or not. This way, the confirmation message displayed on the web page simply states, “an email has been sent to the provided email address with further instructions.”
If the user exists, you send the standard password reset email with a URL and instructions. If the user doesn’t exist, you send a different email explaining that the user account was not found and suggesting they try a different email address.
While this approach may not provide immediate feedback on the web page, it ensures that no one other than the email address owner can identify a list of user accounts for a given service. The owner of the email address will be the only one to receive any details about the password, and anyone looking to uncover existing users will always receive the same message and never know whether the account exists or not.
Following this approach allows you to strike the right balance between security and usability and provide a seamless password reset experience for your users.
The last thing you want is for your password reset email to end up in the spam folder or be blocked altogether. After all, if your customers can’t access your email, how are they supposed to access their account?
You can do a few things to ensure your password reset email makes it to the inbox.
First, consider sending your email from a dedicated IP address. It will allow you to maintain a strong sending reputation and avoid being affected by the practices of other senders.
Second, it can be helpful to separate your mail streams for marketing and promotional emails from transactional emails. By closely monitoring the mail stream for login credentials, you can ensure that you are experiencing high delivery rates.
Finally, refrain from adding marketing material to your transactional emails. ISPs can easily become confused by marketing material in transactional emails, making your email more likely to land in the spam folder.
Password reset emails may seem like mundane and functional emails, but they actually offer a perfect opportunity to showcase your brand’s personality, build stronger relationships with your customers, and drive conversions.
While it’s easy to overlook the potential of password reset emails, a closer look reveals a wealth of possibilities. By infusing your password reset emails with your brand’s unique voice and tone, you can make a lasting impression on your customers and reinforce your brand identity.
Additionally, password reset emails offer an opportunity to engage further with your customers and drive conversions. Including relevant calls to action or information about your products or services can encourage customers to explore your offerings further.
Ready to start sending? Sign up for a free EmailLabs account today and transform your password reset emails for better deliverability and classification of transactional emails that help you build stronger relationships with your customers and drive business growth!
We are a group of specialists involved in developing substantive and engaging articles on emails and their deliverability. Our value is to be part of the team that creates the EmailLabs service on a daily basis, making our content fully responsive to our audience's questions and problems. Do you have any questions? We look forward to hearing from you :)
See more articles
Gmail has announced significant changes in the requirements for email senders to maintain a good reputation and proper classification of messages in user inboxes starting from February 1, 2024....
Vercom S.A. public joint-stock company to which the EmailLabs project belongs, has been assessed and certified to be compliant with the ISO/IEC 27001 and ISO/IEC 27018 standards. The Vercoms’...
The increasing number of phishing attacks each year, and the projection that this trend will continue to escalate, aren’t likely to astonish anyone. This can be attributed, in part,...
Out of all the things that can go wrong when sending out marketing emails, having your emails end up in the recipient’s spam folder is arguably the most dreaded...
Email Authentication, Security
DMARC is an email authentication protocol that is designed to give domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Spoofing occurs...
With the emergence of the Covid-19 pandemic, many brands have been challenged to adapt in a short period to the changed reality and new consumer attitudes. That meant reorganizing...
![Google and Yahoo’s Email Sender Requirements in 2024 [Updated Enforcement Timeline]](https://emaillabs.io/wp-content/uploads/2024/04/gmail-yahoo-changes@2x-390x221.png)
Google and Yahoo's Requirements
2024 marks a turning point in the fast-paced world of email deliverability, as this is the year when Google and Yahoo updated their sender requirements. With the enforcement period...
Best practices, Email Marketing
B2B email marketing – it’s a term you’ve likely heard before, but what does it really entail? And, more importantly, how can it be done effectively? In this article,...
Deliverability, Sending Reputation
Email sender reputation is one of the most important factors that can determine whether your emails reach the intended recipient or not. So, what is the email sender reputation,...
Google and Yahoo's Requirements
2024 marks a turning point in the fast-paced world of email deliverability, as this is the year when Google and Yahoo updated their sender requirements. With the enforcement period...
Best practices, Email Marketing
B2B email marketing – it’s a term you’ve likely heard before, but what does it really entail? And, more importantly, how can it be done effectively? In this article,...
Deliverability, Sending Reputation
Email sender reputation is one of the most important factors that can determine whether your emails reach the intended recipient or not. So, what is the email sender reputation,...
Email Authentication, Sending Reputation
In the realm of email, sender authorization is a powerful tool wielded by local and global providers like Gmail, Yahoo, and AOL to combat spam. Additionally, as an authenticated...
As an integral part of your email infrastructure, SMTP and SMTP port numbers are not just for tech whizzes – they’re important for anyone using email. You’ve likely heard...
Ever wondered why you can’t attach a movie to an email? Or why won’t that PowerPoint presentation just send? It all comes down to the maximum size of email...
One of the most dire situations a business can face is unauthorized access to its company network. This breach can lead to the theft of valuable intellectual property and...
The Simple Mail Transfer Protocol (SMTP) holds significant importance in the realm of email communication. As a vital component of mail servers, SMTP takes charge of sending, receiving, and...
The significance of email protection and data security is growing exponentially in today’s digital world, with StartTLS emerging as a key player in this arena. As an encryption protocol...
